-$Cambridge: exim/doc/doc-txt/NewStuff,v 1.163 2010/06/01 11:13:54 pdp Exp $
+$Cambridge: exim/doc/doc-txt/NewStuff,v 1.172 2010/06/06 02:46:13 pdp Exp $
New Features in Exim
--------------------
the documentation is updated, this file is reduced to a short list.
+Version 4.73
+------------
+
+ 1. A new main configuration option, "openssl_options", is available if Exim
+ is built with SSL support provided by OpenSSL. The option allows
+ administrators to specify OpenSSL options to be used on connections;
+ typically this is to set bug compatibility features which the OpenSSL
+ developers have not enabled by default. There may be security
+ consequences for certain options, so these should not be changed
+ frivolously.
+
+ 2. A new pipe transport option, "permit_coredumps", may help with problem
+ diagnosis in some scenarios. Note that Exim is typically installed as
+ a setuid binary, which on most OSes will inhibit coredumps by default,
+ so that safety mechanism would have to be overriden for this option to
+ be able to take effect.
+
+ 3. ClamAV 0.95 is now required for ClamAV support in Exim, unless
+ Local/Makefile sets: WITH_OLD_CLAMAV_STREAM=yes
+ Note that this switches Exim to use a new API ("INSTREAM") and a future
+ release of ClamAV will remove support for the old API ("STREAM").
+
+ The av_scanner option, when set to "clamd", now takes an optional third
+ part, "local", which causes Exim to pass a filename to ClamAV instead of
+ the file content. This is the same behaviour as when clamd is pointed at
+ a Unix-domain socket. For example:
+
+ av_scanner = clamd:192.0.2.3 1234:local
+
+ 4. There is now a -bmalware option, restricted to admin users. This option
+ takes one parameter, a filename, and scans that file with Exim's
+ malware-scanning framework. This is intended purely as a debugging aid
+ to ensure that Exim's scanning is working, not to replace other tools.
+
+ 5. There is a new expansion operator, "reverse_ip", which will reverse IP
+ addresses; IPv4 into dotted quad, IPv6 into dotted nibble. Examples:
+
+ ${reverse_ip:192.0.2.4}
+ -> 4.2.0.192
+ ${reverse_ip:2001:0db8:c42:9:1:abcd:192.0.2.3}
+ -> 3.0.2.0.0.0.0.c.d.c.b.a.1.0.0.0.9.0.0.0.2.4.c.0.8.b.d.0.1.0.0.2
+
+ 6. There is a new ACL control called "debug", to enable debug logging.
+ This allows selective logging of certain incoming transactions within
+ production environments, with some care. It takes two options, "tag"
+ and "opts"; "tag" is included in the filename of the log and "opts"
+ is used as per the -d<options> command-line option. Examples, which
+ don't all make sense in all contexts:
+
+ control = debug
+ control = debug/tag=.$sender_host_address
+ control = debug/opts=+expand+acl
+ control = debug/tag=.$message_exim_id/opts=+expand
+
+ 7. It has always been implicit in the design and the documentation that
+ "the Exim user" is not root. src/EDITME said that using root was
+ "very strongly discouraged". This is not enough to keep people from
+ shooting themselves in the foot in days when many don't configure Exim
+ themselves but via package build managers. The security consequences of
+ running various bits of network code are severe if there should be bugs in
+ them. As such, the Exim user may no longer be root. If configured
+ statically, Exim will refuse to build. If configured as ref:user then Exim
+ will exit shortly after start-up. If you must shoot yourself in the foot,
+ then henceforth you will have to maintain your own local patches to strip
+ the safeties off.
+
+
Version 4.72
------------
in the presence of multiple character strings within the RR. Prior to 4.70,
only the first string would be returned. The dnsdb lookup now, by default,
preserves the pre-4.70 semantics, but also now takes an extended output
- separator specification. The first output separator is used to join
- multiple TXT records together; use a second separator character, followed
- by a colon, to join the strings within a TXT record on that second
- character, or use a semicolon to concatenate strings within a TXT record
- with no separator. Administrators are reminded that DNS provides no
- ordering guarantees between multiple records in an RRset. For example:
+ separator specification. The separator can be followed by a semicolon, to
+ concatenate the individual text strings together with no join character,
+ or by a comma and a second separator character, in which case the text
+ strings within a TXT record are joined on that second character.
+ Administrators are reminded that DNS provides no ordering guarantees
+ between multiple records in an RRset. For example:
foo.example. IN TXT "a" "b" "c"
foo.example. IN TXT "d" "e" "f"
${lookup dnsdb{>/ txt=foo.example}} -> "a/d"
${lookup dnsdb{>/; txt=foo.example}} -> "def/abc"
- ${lookup dnsdb{>/+: txt=foo.example}} -> "a+b+c/d+e+f"
+ ${lookup dnsdb{>/,+ txt=foo.example}} -> "a+b+c/d+e+f"
- Some character combinations are currently unsupported.
Version 4.70 / 4.71
-------------------
1. Native DKIM support without an external library.
+ (Note that if no action to prevent it is taken, a straight upgrade will
+ result in DKIM verification of all signed incoming emails. See spec
+ for details on conditionally disabling)
2. Experimental DCC support via dccifd (contributed by Wolfgang Breyha).
3. There is now a bool{} expansion condition which maps certain strings to
- true/false condition values (most likely of use in conjuction with the
+ true/false condition values (most likely of use in conjunction with the
and{} expansion operator).
4. The $spam_score, $spam_bar and $spam_report variables are now available
9. The transport_filter_timeout option now applies to SMTP transports too.
+Version 4.69
+------------
+
+ 1. Preliminary DKIM support in Experimental.
+
+
Version 4.68
------------
git://git.exim.org / exim.git / blobdiff